Re: [Qemu-devel] [RFC PATCH 19/26] cpu-exec: reset exit flag before calling cpu_exec_nocache

[Paolo Bonzini]

On 31/10/2017 12:26, Pavel Dovgalyuk wrote:
> This patch resets icount_decr.u32.high before calling cpu_exec_nocache
> when exception is pending. Exception is caused by the first instruction
> in the block and it cannot be executed without resetting the flag.
> 
> Signed-off-by: Maria Klimushenkova <address@hidden>
> Signed-off-by: Pavel Dovgalyuk <address@hidden>
> 
> ---
>  accel/tcg/cpu-exec.c |    1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
> index 35d0240..aaa9c2d 100644
> --- a/accel/tcg/cpu-exec.c
> +++ b/accel/tcg/cpu-exec.c
> @@ -500,6 +500,7 @@ static inline bool cpu_handle_exception(CPUState *cpu, 
> int *ret)
>      } else if (replay_has_exception()
>                 && cpu->icount_decr.u16.low + cpu->icount_extra == 0) {
>          /* try to cause an exception pending in the log */
> +        atomic_set(&cpu->icount_decr.u16.high, 0);
>          cpu_exec_nocache(cpu, 1, tb_find(cpu, NULL, 0, curr_cflags()), true);
>          *ret = -1;
>          return true;
> 

I am not sure about this.  I think if instead you should return false 
from here and EXCP_INTERRUPT from cpu_exec.

More important: there is still a race, because high can be set to -1 
right after your atomic_set.  Maybe:

1) you should only return true if cpu->exception_index was set by 
cpu_exec_nocache?

2) you should not do

    *ret = -1;
    return true;

and instead do

    if (cpu->exception_index < 0 &&
        replay_has_exception() &&
        cpu->icount_decr.u16.low + cpu->icount_extra == 0) {
           /* try to cause an exception pending in the log */
           cpu_exec_nocache(cpu, 1, tb_find(cpu, NULL, 0, curr_cflags()), true);
        }
    }
    if (cpu->exception_index >= 0) {
        ...
    }
    return false;

Paolo